| Detected | May 24 2011 06:08 GMT |
| Released | May 24 2011 17:05 GMT |
| Published | Aug 08 2011 12:37 GMT |
A Trojan program that performs malicious activities on the user’s system. It is a Windows PE64 DLL file, 83968 bytes in size, written in C++.
Installation on the system and creation of the initial conditions for running this Trojan are performed by other malicious programs.
The program terminates its execution if the name of the account under which it is running is different from:
SYSTEM
The Trojan allows access to the infected system and has a number of commands for manipulating (searching, creating, moving, deleting) files and folders, downloading and running files, terminating processes, and logging out of the system. The Trojan also creates a SOCKS5 proxy server on any port. The Trojan sends a notification of infection to an address that is stored in encrypted form in the registry key:
If your computer does not have an antivirus, and is infected by this malicious program, follow the instructions below to delete it:
This type of behaviour covers malicious programs that delete, block, modify, or copy data, disrupt computer or network performance, but which cannot be classified under any of the behaviours identified above.
This classification also covers “multipurpose” Trojan programs, i.e. those that are capable of conducting several actions at once and which demonstrate several Trojan behaviours in a single program. This means they cannot be indisputably classified as having any single behaviour.
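Because the SOCKS5 proxy described above can listen on any port, a rule keyed to a port number will not find it. The following added example (not part of the original description and not vendor code) probes a given list of TCP ports with the RFC 1928 SOCKS5 greeting and reports the ones that answer as SOCKS5. The port list, `start_fake_listener` and the loopback replies are constructed for illustration; on a real host the list would come from the listening ports shown by a tool such as `netstat -ano`.

```python
import socket
import threading

# RFC 1928 greeting: version 5, two methods offered (0x00 no auth, 0x02 user/pass).
GREETING = b"\x05\x02\x00\x02"
# Method bytes a SOCKS5 server can select for that offer; 0xFF = none acceptable.
VALID_METHODS = {0x00, 0x02, 0xFF}

def is_socks5_reply(data: bytes) -> bool:
    """True if data is a well-formed SOCKS5 method-selection reply."""
    return len(data) == 2 and data[0] == 0x05 and data[1] in VALID_METHODS

def probe_port(host: str, port: int, timeout: float = 1.0) -> bool:
    """Send the greeting to host:port; True if the listener answers as SOCKS5."""
    try:
        with socket.create_connection((host, port), timeout=timeout) as s:
            s.sendall(GREETING)
            data = s.recv(2)
            if len(data) == 1:  # reply split across two reads
                data += s.recv(1)
            return is_socks5_reply(data)
    except OSError:  # refused, reset or timed out: not a SOCKS5 answer
        return False

def find_socks5_listeners(host, ports, timeout=1.0):
    """Return the ports on host that answer the SOCKS5 greeting."""
    return [p for p in ports if probe_port(host, p, timeout)]

def start_fake_listener(reply: bytes) -> int:
    """Constructed fixture: one-shot loopback listener that answers with `reply`."""
    srv = socket.socket()
    srv.bind(("127.0.0.1", 0))  # port 0: let the OS pick a free port
    srv.listen(1)
    port = srv.getsockname()[1]

    def serve():
        conn, _ = srv.accept()
        with conn:
            conn.recv(16)        # consume the client's greeting
            conn.sendall(reply)
        srv.close()

    threading.Thread(target=serve, daemon=True).start()
    return port

if __name__ == "__main__":
    socks = start_fake_listener(b"\x05\x00")  # constructed SOCKS5 reply
    other = start_fake_listener(b"HTTP/1.1 400 Bad Request\r\n\r\n")  # constructed
    print(find_socks5_listeners("127.0.0.1", [socks, other]) == [socks])
```

A hit shows only that some SOCKS5 server is listening on that port; tying it to this Trojan requires identifying the process that owns the socket.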